Modern operating systems use a system of user accounts and passwords to limit access to data on a computer. This can be effective when an attacker has only temporary access to a running computer, but user accounts and passwords do not protect the data if the computer is stolen. There are ways of reading data from a disk that bypass these controls entirely (e.g., connecting the hard disk to another computer, or booting a different operating system from an external storage medium). Even deleted files can often be recovered with software and hardware tools.
The threat of data loss in the event of theft or removal can be reduced by encrypting the data on the disk. This measure is most important for mobile computers (notebooks, tablets), where the risk of loss or theft is greatest, but it is also useful for ensuring the security and confidentiality of data kept on any computer or workstation.
Full Disk Encryption (FDE) is designed to protect data stored on a disk in cases where the computer is stolen or removed while powered off.
File encryption is encryption applied only to particular files on a computer disk. It is easier and faster to use, but more vulnerable. For example, files in encrypted form can be copied and later decrypted by brute force. Also, programs that use encrypted files may save decrypted copies in a cache, and the original plaintext file, although deleted from the disk after encryption, can be brought back with file-recovery tools.
Hard disk passwords are a feature provided by disk vendors. A disk password does not encrypt the data on the hard disk; it simply prevents the disk from interacting with the computer until the password is entered. There are ways of removing such passwords from disks, and also ways of extracting the data by mechanical intervention in the hard disk (replacing the platters or the read-only memory (ROM) chips).
If the computer is mobile and holds a substantial number of important documents, or any documents that can be classified as especially secret, full disk encryption may be desirable. Threats to corporate networks are also increasing; within such networks, almost every computer holds data that must never, under any circumstances, leave the corporate network.
Many conventional full disk encryption solutions are available, for example the specialized software products BitLocker, TrueCrypt, PGPDisk, and others. Recently, full disk encryption has also become part of popular corporate antivirus solutions, such as Kaspersky Endpoint Security DPE.
When full disk encryption is applied to a boot disk, a pre-boot authentication module is installed on the disk. This module asks the user to enter a password, and only after the password is entered correctly does the booting of the operating system (OS) begin.
Antivirus software products also have their own pre-boot authentication modules. When full disk encryption is applied to the boot disk, the antivirus software changes the boot sequence, integrating its pre-boot authentication module into the computer's conventional pre-boot process. This module operates at the pre-boot execution stage and uses the interfaces of the basic input/output system (BIOS) or the unified extensible firmware interface (UEFI) to work with the computer hardware. The pre-boot execution stage is the stage in which the microcode (firmware) of the computer has been initialized, but the booting of the operating system (OS) has not yet begun.
In the pre-boot execution stage, interaction with the computer hardware is possible only through the microcode interfaces. The microcode has its own issues, limitations and hardware compatibility problems with particular devices, so the antivirus components that work at this stage can suffer from the same kinds of compatibility problems. When such a problem occurs, the computer may fail to start: the pre-boot authentication module is required to start the OS from the encrypted disk, yet it is not compatible with the computer hardware.